Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/ce47d2-7e71-45de-8f18-911bb3dcf0d7/1/yF5S6rLc47Y3fmG2xsGhpwzcN8s.roa
File:                     yF5S6rLc47Y3fmG2xsGhpwzcN8s.roa (raw, json)
Hash identifier:          dvdFBH+Q25mt0u9WeoTJ8e3zpfCJgdR0ZoZdwL/YLZM=
Subject key identifier:   C8:5E:52:EA:B2:DC:E3:B6:37:7E:61:B6:C6:C1:A1:A7:0C:DC:37:CB
Certificate issuer:       /CN=464d8d80ab37a757b9d3748295fe669f4e093b23
Certificate serial:       01915A6786306F7B21752DFB84F0D68FD6A3
Authority key identifier: 46:4D:8D:80:AB:37:A7:57:B9:D3:74:82:95:FE:66:9F:4E:09:3B:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rk2NgKs3p1e503SClf5mn04JOyM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/ce47d2-7e71-45de-8f18-911bb3dcf0d7/1/yF5S6rLc47Y3fmG2xsGhpwzcN8s.roa
Signing time:             Fri 16 Aug 2024 08:56:59 +0000
ROA not before:           Fri 16 Aug 2024 08:56:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203328
IP address blocks:        185.138.44.0/22 maxlen: 22
                          2a07:9c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/ce47d2-7e71-45de-8f18-911bb3dcf0d7/1/Rk2NgKs3p1e503SClf5mn04JOyM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/ce47d2-7e71-45de-8f18-911bb3dcf0d7/1/Rk2NgKs3p1e503SClf5mn04JOyM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rk2NgKs3p1e503SClf5mn04JOyM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:67:86:30:6f:7b:21:75:2d:fb:84:f0:d6:8f:d6:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=464d8d80ab37a757b9d3748295fe669f4e093b23
        Validity
            Not Before: Aug 16 08:56:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c85e52eab2dce3b6377e61b6c6c1a1a70cdc37cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:dc:50:02:8e:81:bb:4a:68:db:10:07:55:6c:
                    b0:af:b9:f6:0a:07:39:12:e3:c7:87:59:dc:53:39:
                    fe:59:3a:5f:8d:9e:f9:57:06:0a:e7:95:da:78:d5:
                    60:5d:6a:a6:1e:b6:64:a2:57:b1:94:a5:42:67:ec:
                    0c:7f:7d:b7:45:d3:d9:df:9f:d9:7a:7e:3e:fd:c4:
                    60:00:86:7b:f5:a4:5b:92:92:f6:0f:dc:96:45:89:
                    28:36:49:91:5e:8d:28:f9:3c:34:fd:e1:eb:0e:05:
                    9f:03:80:65:8b:23:78:7e:8d:2a:6b:d4:2f:aa:17:
                    3e:a7:ab:87:12:a4:5d:33:ea:08:af:fe:77:76:4c:
                    44:43:ab:6e:52:e7:12:ba:33:de:34:e9:a0:79:0d:
                    0e:c3:4a:8f:c5:03:f6:9c:78:e5:aa:c5:b9:0a:4f:
                    15:81:91:b1:75:62:e4:3d:c3:08:e3:58:f9:8c:19:
                    6d:61:5c:bd:62:ad:fb:ec:09:b2:76:e5:a0:27:92:
                    eb:93:d1:ee:f7:47:38:ef:d3:f9:69:73:74:b3:99:
                    e4:24:79:7f:bc:1e:04:d2:e7:27:9b:3c:61:5d:1c:
                    20:3c:65:15:a3:83:59:13:c3:78:ac:fe:99:0a:65:
                    ef:5c:1c:4a:3e:26:16:ee:8e:87:e6:e9:1d:3c:c4:
                    de:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5E:52:EA:B2:DC:E3:B6:37:7E:61:B6:C6:C1:A1:A7:0C:DC:37:CB
            X509v3 Authority Key Identifier:
                keyid:46:4D:8D:80:AB:37:A7:57:B9:D3:74:82:95:FE:66:9F:4E:09:3B:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rk2NgKs3p1e503SClf5mn04JOyM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/ce47d2-7e71-45de-8f18-911bb3dcf0d7/1/yF5S6rLc47Y3fmG2xsGhpwzcN8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/ce47d2-7e71-45de-8f18-911bb3dcf0d7/1/Rk2NgKs3p1e503SClf5mn04JOyM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.44.0/22
                IPv6:
                  2a07:9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:79:c8:5b:7b:79:57:45:35:bd:95:a8:15:4c:37:c5:d5:2b:
         b7:47:53:1d:3e:c8:50:cd:6a:41:38:23:0b:e6:bd:5a:26:f1:
         a5:d4:1b:5c:c9:ae:b4:8c:44:60:90:11:49:fb:3a:c5:1c:ad:
         5e:74:da:3c:7d:a3:66:5e:b0:99:98:8e:3a:b3:9a:d6:d1:c6:
         68:ed:82:d3:76:fe:11:88:dc:74:27:2b:c3:e8:c1:fd:40:ff:
         8c:07:ae:e1:fc:c6:9d:73:ab:50:89:7a:b2:93:26:3d:b8:95:
         2e:0f:8c:b6:2e:52:23:08:bb:44:59:dd:86:45:da:89:d2:91:
         c9:71:c2:46:f4:9a:97:e4:b0:59:b4:e0:0a:f3:df:b5:a5:19:
         e7:9b:4a:d6:89:58:98:de:1d:a4:46:fa:26:79:a8:ec:53:11:
         95:a0:46:0b:fd:d8:a0:f8:31:4c:7f:2a:0e:a7:b8:88:c8:8e:
         a3:c9:f5:5e:17:6f:b6:ef:20:7f:5a:b9:88:b8:61:85:ae:fa:
         4d:53:e8:82:53:75:e5:0a:0f:4f:e5:8b:dc:56:45:2e:ae:f0:
         6f:f7:db:de:fa:07:e8:11:aa:63:e4:26:d3:cb:af:f3:55:a8:
         1f:cc:1a:fb:de:6c:ba:86:19:1e:dc:e1:8b:ff:83:83:f0:ec:
         be:7d:af:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZFaZ4Ywb3shdS37hPDWj9ajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NGQ4ZDgwYWIzN2E3NTdiOWQzNzQ4Mjk1ZmU2NjlmNGUw
OTNiMjMwHhcNMjQwODE2MDg1NjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODVlNTJlYWIyZGNlM2I2Mzc3ZTYxYjZjNmMxYTFhNzBjZGMzN2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdxQAo6Bu0po2xAHVWywr7n2Cgc5
EuPHh1ncUzn+WTpfjZ75VwYK55XaeNVgXWqmHrZkolexlKVCZ+wMf323RdPZ35/Z
en4+/cRgAIZ79aRbkpL2D9yWRYkoNkmRXo0o+Tw0/eHrDgWfA4BliyN4fo0qa9Qv
qhc+p6uHEqRdM+oIr/53dkxEQ6tuUucSujPeNOmgeQ0Ow0qPxQP2nHjlqsW5Ck8V
gZGxdWLkPcMI41j5jBltYVy9Yq377AmyduWgJ5Lrk9Hu90c479P5aXN0s5nkJHl/
vB4E0ucnmzxhXRwgPGUVo4NZE8N4rP6ZCmXvXBxKPiYW7o6H5ukdPMTepwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMheUuqy3OO2N35htsbBoacM3DfLMB8GA1UdIwQY
MBaAFEZNjYCrN6dXudN0gpX+Zp9OCTsjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmsyTmdLczNwMWU1MDNTQ2xmNW1uMDRKT3lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9jZTQ3ZDItN2U3MS00NWRlLThmMTgt
OTExYmIzZGNmMGQ3LzEveUY1UzZyTGM0N1kzZm1HMnhzR2hwd3pjTjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9jZTQ3ZDItN2U3MS00NWRlLThmMTgtOTExYmIzZGNmMGQ3
LzEvUmsyTmdLczNwMWU1MDNTQ2xmNW1uMDRKT3lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYosMA0E
AgACMAcDBQMqBwnAMA0GCSqGSIb3DQEBCwUAA4IBAQBVechbe3lXRTW9lagVTDfF
1Su3R1MdPshQzWpBOCML5r1aJvGl1Btcya60jERgkBFJ+zrFHK1edNo8faNmXrCZ
mI46s5rW0cZo7YLTdv4RiNx0JyvD6MH9QP+MB67h/Madc6tQiXqykyY9uJUuD4y2
LlIjCLtEWd2GRdqJ0pHJccJG9JqX5LBZtOAK89+1pRnnm0rWiViY3h2kRvomeajs
UxGVoEYL/dig+DFMfyoOp7iIyI6jyfVeF2+27yB/WrmIuGGFrvpNU+iCU3XlCg9P
5YvcVkUurvBv99ve+gfoEapj5CbTy6/zVagfzBr73my6hhke3OGL/4OD8Oy+fa9b
-----END CERTIFICATE-----